Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-09 10:08:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Merge branch 'master' into topic/jsiwek/file-analysis

Browse source
This commit is contained in:
Jon Siwek 2013-03-27 14:13:05 -05:00
commit 704c705e7b
21 changed files with 440 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

18
CHANGES
View file

@ -1,4 +1,22 @@
2.1-386 | 2013-03-22 12:41:50 -0700
* Added reverse() function to strings.bif. (Yun Zheng Hu)
2.1-384 | 2013-03-22 12:10:14 -0700
* Fix record constructors in table initializer indices. Addresses
#660. (Jon Siwek)
2.1-382 | 2013-03-22 12:01:34 -0700
* Add support for 802.1ah (Q-in-Q). Addresses #641. (Seth Hall)
2.1-380 | 2013-03-18 12:18:10 -0700
* Fix gcc compile warnings in base64 encoder and benchmark reader.
(Bernhard Amann)
2.1-377 | 2013-03-17 17:36:09 -0700
* Fixing potential leak in DNS error case. (Vlad Grigorescu)

2
VERSION
View file

@ -1 +1 @@
2.1-377
2.1-386

2
aux/bro-aux

@ -1 +1 @@
Subproject commit ae14da422bfb252c8a53bd00d3e5fd7da8bc112e
Subproject commit 70681007546aad6e5648494e882b71adb9165105

2
aux/broctl

@ -1 +1 @@
Subproject commit 3e3ada3c2efebeda1278b8897859dd7c7d61e671
Subproject commit 2b35d0331366865fbf0119919cc9692d55c4538c

6
src/Base64.cc
View file

@ -30,9 +30,9 @@ void Base64Converter::Encode(int len, const unsigned char* data, int* pblen, cha
for ( int i = 0, j = 0; (i < len) && ( j < blen ); )
{
uint32_t bit32 = ((i < len ? data[i++] : 0) << 16) +
((i < len ? data[i++] : 0 & i++) << 8) +
( i < len ? data[i++] : 0 & i++);
uint32_t bit32 = data[i++] << 16;
bit32 += (i++ < len ? data[i-1] : 0) << 8;
bit32 += i++ < len ? data[i-1] : 0;
buf[j++] = alphabet[(bit32 >> 18) & 0x3f];
buf[j++] = alphabet[(bit32 >> 12) & 0x3f];

10
src/Expr.cc
View file

@ -4984,14 +4984,22 @@ Val* ListExpr::InitVal(const BroType* t, Val* aggr) const
{
ListVal* v = new ListVal(TYPE_ANY);
const type_list* tl = type->AsTypeList()->Types();
if ( exprs.length() != tl->length() )
{
Error("index mismatch", t);
return 0;
}
loop_over_list(exprs, i)
{
Val* vi = exprs[i]->InitVal(t, 0);
Val* vi = exprs[i]->InitVal((*tl)[i], 0);
if ( ! vi )
{
Unref(v);
return 0;
}
v->Append(vi);
}
return v;

9
src/PktSrc.cc
View file

@ -231,6 +231,15 @@ void PktSrc::Process()
data += get_link_header_size(datalink);
data += 4; // Skip the vlan header
pkt_hdr_size = 0;
// Check for 802.1ah (Q-in-Q) containing IP.
// Only do a second layer of vlan tag
// stripping because there is no
// specification that allows for deeper
// nesting.
if ( ((data[2] << 8) + data[3]) == 0x0800 )
data += 4;
break;
// PPPoE carried over the ethernet frame.

5
src/input/readers/Benchmark.cc
View file

@ -8,6 +8,7 @@
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>
#include <errno.h>
#include "../../threading/Manager.h"
@ -71,7 +72,9 @@ string Benchmark::RandomString(const int len)
double Benchmark::CurrTime()
{
struct timeval tv;
assert ( gettimeofday(&tv, 0) >= 0 );
if ( gettimeofday(&tv, 0) != 0 ) {
FatalError(Fmt("Could not get time: %d", errno));
}
return double(tv.tv_sec) + double(tv.tv_usec) / 1e6;
}

13
src/strings.bif
View file

@ -1122,3 +1122,16 @@ function hexdump%(data_str: string%) : string
return result;
%}
## Returns a reversed copy of the string
##
## str: The string to reverse.
##
## Returns: A reversed copy of *str*
##
function reverse%(str: string%) : string
%{
string s = string((const char*)str->Bytes(), str->Len());
reverse(s.begin(), s.end());
return new StringVal(s.length(), (const char*)s.c_str());
%}

7
testing/btest/Baseline/bifs.reverse/out Normal file
View file

@ -0,0 +1,7 @@
!dlrow olleh
hello world!
risetovotesir
ff00
00ff
3039
A

11
testing/btest/Baseline/core.q-in-q/conn.log Normal file
View file

@ -0,0 +1,11 @@
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path conn
#open 2013-03-22-16-36-54
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool count string count count count count table[string]
1363900699.548138 UWkUyAuUGXf 172.19.51.37 47808 172.19.51.63 47808 udp - 0.000100 36 0 S0 - 0 D 2 92 0 0 (empty)
1363900699.549647 arKYeMETxOg 193.1.186.60 9875 224.2.127.254 9875 udp - 0.000139 552 0 S0 - 0 D 2 608 0 0 (empty)
#close 2013-03-22-16-36-54

25
testing/btest/Baseline/language.table-init-record-idx-2/output Normal file
View file

@ -0,0 +1,25 @@
following should all be true...
T
T
T
T
T
T
T
T
1
1
1
following should all be false...
F
F
F
now here's the foo table...
{
[[a=foo, b=2], 2] = 2,
[[a=baz, b=6], 6] = 6,
[[a=bar, b=4], 4] = 4,
[[a=baz, b=5], 5] = 5,
[[a=bar, b=3], 3] = 3,
[[a=foo, b=1], 1] = 1
}

25
testing/btest/Baseline/language.table-init-record-idx-3/output Normal file
View file

@ -0,0 +1,25 @@
following should all be true...
T
T
T
T
T
T
T
T
1
1
1
following should all be false...
F
F
F
now here's the foo table...
{
[[a=baz, b=5]] = 5,
[[a=foo, b=2]] = 2,
[[a=baz, b=6]] = 6,
[[a=foo, b=1]] = 1,
[[a=bar, b=4]] = 4,
[[a=bar, b=3]] = 3
}

25
testing/btest/Baseline/language.table-init-record-idx-4/language.table-init-record-idx-2/output Normal file
View file

@ -0,0 +1,25 @@
following should all be true...
T
T
T
T
T
T
T
T
1
1
1
following should all be false...
F
F
F
now here's the foo table...
{
[[a=foo, b=2], 2] = 2,
[[a=baz, b=6], 6] = 6,
[[a=bar, b=4], 4] = 4,
[[a=baz, b=5], 5] = 5,
[[a=bar, b=3], 3] = 3,
[[a=foo, b=1], 1] = 1
}

25
testing/btest/Baseline/language.table-init-record-idx-4/output Normal file
View file

@ -0,0 +1,25 @@
following should all be true...
T
T
T
T
T
T
T
T
1
1
1
following should all be false...
F
F
F
now here's the foo table...
{
[[a=foo, b=2], 2] = 2,
[[a=baz, b=6], 6] = 6,
[[a=bar, b=4], 4] = 4,
[[a=baz, b=5], 5] = 5,
[[a=bar, b=3], 3] = 3,
[[a=foo, b=1], 1] = 1
}

25
testing/btest/Baseline/language.table-init-record-idx/output Normal file
View file

@ -0,0 +1,25 @@
following should all be true...
T
T
T
T
T
T
T
T
1
1
1
following should all be false...
F
F
F
now here's the foo table...
{
[[a=baz, b=5]] = 5,
[[a=foo, b=2]] = 2,
[[a=baz, b=6]] = 6,
[[a=foo, b=1]] = 1,
[[a=bar, b=4]] = 4,
[[a=bar, b=3]] = 3
}

BIN
testing/btest/Traces/q-in-q.trace Normal file
View file

Binary file not shown.

19
testing/btest/bifs/reverse.bro Normal file
View file

@ -0,0 +1,19 @@
#
# @TEST-EXEC: bro -b %INPUT >out
# @TEST-EXEC: btest-diff out
event bro_init()
{
local s1 = "hello world!";
local s2 = "rise to vote sir";
local s3 = "\xff\x00";
local s4 = "\xff\x39\x30\xff";
print reverse(s1);
print reverse(reverse(s1));
print subst_string(reverse(s2), " ", "");
print bytestring_to_hexstr(s3);
print bytestring_to_hexstr(reverse(s3));
print bytestring_to_hexstr(reverse(sub_bytes(s4, 2, 2)));
print reverse("A");
}

2
testing/btest/core/q-in-q.bro Normal file
View file

@ -0,0 +1,2 @@
# @TEST-EXEC: bro -r $TRACES/q-in-q.trace
# @TEST-EXEC: btest-diff conn.log

2
testing/btest/language/table-init-container-ctors.bro
View file

@ -2,7 +2,7 @@
# @TEST-EXEC: btest-diff output
# The various container constructor expressions should work in table
# initialization lists.
# initialization lists (as yields).
type set_yield: set[string, count];
type vector_yield: vector of count;

216
testing/btest/language/table-init-record-idx.bro Normal file
View file

@ -0,0 +1,216 @@
# @TEST-EXEC: bro -b %INPUT >output
# @TEST-EXEC: btest-diff output
# Record constructors should work in table initializers
type r: record {
a: string;
b: count;
};
global a: r = [$a="foo", $b=1];
global b: r = [$a="foo", $b=2];
global c: r = [$a="bar", $b=3];
global d: r = [$a="bar", $b=4];
global e: r = [$a="baz", $b=5];
global f: r = [$a="baz", $b=6];
global foo: table[r] of count = {
[a] = 1,
[record($a="foo", $b=2)] = 2,
[[$a="bar", $b=3]] = 3,
};
foo[d] = 4;
foo[[$a="baz", $b=5]] = 5;
foo[record($a="baz", $b=6)] = 6;
print "following should all be true...";
print a in foo;
print b in foo;
print c in foo;
print d in foo;
print e in foo;
print f in foo;
print [$a="foo", $b=1] in foo;
print record($a="foo", $b=1) in foo;
print foo[a];
print foo[[$a="foo", $b=1]];
print foo[record($a="foo", $b=1)];
print "following should all be false...";
local bah: r = [$a="bah", $b=0];
print bah in foo;
print [$a="bah", $b=0] in foo;
print record($a="bah", $b=0) in foo;
print "now here's the foo table...";
print foo;
# @TEST-START-NEXT
# They can be part of a compound index type, too...
type r: record {
a: string;
b: count;
};
global a: r = [$a="foo", $b=1];
global b: r = [$a="foo", $b=2];
global c: r = [$a="bar", $b=3];
global d: r = [$a="bar", $b=4];
global e: r = [$a="baz", $b=5];
global f: r = [$a="baz", $b=6];
global foo: table[r, count] of count = {
[a, 1] = 1,
[record($a="foo", $b=2), 2] = 2,
[[$a="bar", $b=3], 3] = 3,
};
foo[d, 4] = 4;
foo[[$a="baz", $b=5], 5] = 5;
foo[record($a="baz", $b=6), 6] = 6;
print "following should all be true...";
print [a, 1] in foo;
print [b, 2] in foo;
print [c, 3] in foo;
print [d, 4] in foo;
print [e, 5] in foo;
print [f, 6] in foo;
print [[$a="foo", $b=1], 1] in foo;
print [record($a="foo", $b=1), 1] in foo;
print foo[a, 1];
print foo[[$a="foo", $b=1], 1];
print foo[record($a="foo", $b=1), 1];
print "following should all be false...";
local bah: r = [$a="bah", $b=0];
print [bah, 0] in foo;
print [[$a="bah", $b=0], 0] in foo;
print [record($a="bah", $b=0), 0] in foo;
print "now here's the foo table...";
print foo;
# @TEST-START-NEXT
# Now checking table() ctor versus { } initializer
type r: record {
a: string;
b: count;
};
global a: r = [$a="foo", $b=1];
global b: r = [$a="foo", $b=2];
global c: r = [$a="bar", $b=3];
global d: r = [$a="bar", $b=4];
global e: r = [$a="baz", $b=5];
global f: r = [$a="baz", $b=6];
global foo: table[r] of count = table(
[a] = 1,
[record($a="foo", $b=2)] = 2,
[[$a="bar", $b=3]] = 3
);
foo[d] = 4;
foo[[$a="baz", $b=5]] = 5;
foo[record($a="baz", $b=6)] = 6;
print "following should all be true...";
print a in foo;
print b in foo;
print c in foo;
print d in foo;
print e in foo;
print f in foo;
print [$a="foo", $b=1] in foo;
print record($a="foo", $b=1) in foo;
print foo[a];
print foo[[$a="foo", $b=1]];
print foo[record($a="foo", $b=1)];
print "following should all be false...";
local bah: r = [$a="bah", $b=0];
print bah in foo;
print [$a="bah", $b=0] in foo;
print record($a="bah", $b=0) in foo;
print "now here's the foo table...";
print foo;
# @TEST-START-NEXT
# Now checking table() ctor versus { } initializer for compound index
type r: record {
a: string;
b: count;
};
global a: r = [$a="foo", $b=1];
global b: r = [$a="foo", $b=2];
global c: r = [$a="bar", $b=3];
global d: r = [$a="bar", $b=4];
global e: r = [$a="baz", $b=5];
global f: r = [$a="baz", $b=6];
global foo: table[r, count] of count = table(
[a, 1] = 1,
[record($a="foo", $b=2), 2] = 2,
[[$a="bar", $b=3], 3] = 3
);
foo[d, 4] = 4;
foo[[$a="baz", $b=5], 5] = 5;
foo[record($a="baz", $b=6), 6] = 6;
print "following should all be true...";
print [a, 1] in foo;
print [b, 2] in foo;
print [c, 3] in foo;
print [d, 4] in foo;
print [e, 5] in foo;
print [f, 6] in foo;
print [[$a="foo", $b=1], 1] in foo;
print [record($a="foo", $b=1), 1] in foo;
print foo[a, 1];
print foo[[$a="foo", $b=1], 1];
print foo[record($a="foo", $b=1), 1];
print "following should all be false...";
local bah: r = [$a="bah", $b=0];
print [bah, 0] in foo;
print [[$a="bah", $b=0], 0] in foo;
print [record($a="bah", $b=0), 0] in foo;
print "now here's the foo table...";
print foo;